
20543 matches found

OSV
added 2026/05/20 11:2 a.m., 4 views

SUSE-SU-2026:21737-1 Security update for iproute2

This update for iproute2 fixes the following issue - CVE-2024-58251: denial of service via terminal escape sequences bsc1254324. Changes for iproute2: - support display of bound but unconnected sockets bsc1204562. - avoid spurious cgroup warning bsc1234383. - add post-6.4 follow-up fixes...

CVSS 2.5, AI score 5.8, EPSS 0.00042
Exploits: 0, References: 7
AstraLinux
added 2026/05/20 5:53 a.m., 7 views

Astra Linux - vulnerability in glibc

The iconv program in the GNU C Library also known as glibc or libc6 version 2.31 and earlier, when invoked with multiple suffixes in the destination encoding TRANSLATE or IGNORE along with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, resulting in a...

CVSS 5.9, AI score 6.3, EPSS 0.00378
Exploits: 0, References: 2
AstraLinux
added 2026/05/20 5:53 a.m., 4 views

Astra Linux - vulnerability in glibc

The iconv function in the GNU C Library also known as glibc or libc6 version 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the program, potentially leading to a denial of service...

CVSS 7.5, AI score 6.9, EPSS 0.00172
Exploits: 0, References: 2
AstraLinux
added 2026/05/20 5:53 a.m., 4 views

Astra Linux - vulnerability in linux

An issue was discovered in the Linux kernel through version 5.11.x. The kernel/bpf/verifier.c file contains unwanted out-of-bounds speculation during pointer arithmetic operations, which allows for side-channel attacks that circumvent Spectre mitigations and extract sensitive information from kern...

CVSS 5.5, AI score 6.7, EPSS 0.00212
Exploits: 2, References: 2
AstraLinux
added 2026/05/20 5:53 a.m., 4 views

Astra Linux - vulnerability in libx11

The LookupCol.c file in X.Org X, as well as versions of X11R7.7 and libX11 prior to version 1.7.1, may allow remote attackers to execute arbitrary code. The libX11 XLookupColor function, intended for server-side color lookups, contains a flaw that allows a client to send color-name requests with...

CVSS 9.8, AI score 7.2, EPSS 0.05481
Exploits: 2, References: 2
AstraLinux
added 2026/05/20 5:53 a.m., 3 views

Astra Linux - vulnerability in rustc

An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through version 14.0. This algorithm allows for the visual reordering of characters through control sequences, which can be used to create source code that implements logic different from the logical order of token...

CVSS 8.3, AI score 7, EPSS 0.24988
Exploits: 4, References: 2
AstraLinux
added 2026/05/20 5:53 a.m., 3 views

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: TCP: Do not accept ACKs for bytes that we never sent. This patch is based on a detailed report and ideas from Yepeng Pan and Christian Rossow. The validation of ACK sequences currently follows the guidelines outlined in RFC 5961,...

CVSS 5.5, AI score 5.8, EPSS 0.00012
Exploits: 0, References: 2
AstraLinux
added 2026/05/20 5:53 a.m., 2 views

Astra Linux - vulnerability in glibc

The iconv function in the GNU C Library also known as glibc or libc6 versions 2.32 and earlier, when processing invalid multi-byte input sequences in encodings such as IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399, fails to advance the input state properly. This can lead to an infinite loop in...

CVSS 5.5, AI score 6.6, EPSS 0.0005
Exploits: 1, References: 2
AstraLinux
added 2026/05/20 5:53 a.m., 2 views

Astra Linux - vulnerability in linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: raw: Fixed NULL dereference in rawgetnext. Da R. Jeong reported a NULL dereference in rawgetnext. It seems that the repro was running these sequences in parallel, causing one thread to iterate on a socket that was being freed ...

CVSS 5.5, AI score 5.5, EPSS 0.00018
Exploits: 0, References: 2
AstraLinux
added 2026/05/20 5:53 a.m., 4 views

Astra Linux - vulnerability in linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: usb: typec: tcpm: Fix for the warning when handling the discoveridentity message Since both the source and sink devices can send the discoveridentity message in PD3, the kernel may display a warning. ------------ Cut here ---...

CVSS 5.5, AI score 5.9, EPSS 0.00023
Exploits: 0, References: 2
AstraLinux
added 2026/05/20 5:53 a.m., 2 views

Astra Linux - vulnerability in tomcat9

A flaw in Apache Tomcat allows improper neutralization of escape, meta, or control sequences. Tomcat does not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, an attacker could use a...

CVSS 9.6, AI score 7.3, EPSS 0.00135
Exploits: 0, References: 2
AstraLinux
added 2026/05/20 5:53 a.m., 2 views

Astra Linux - vulnerability in grub2

When rendering certain Unicode sequences, Grub2’s font code does not properly validate whether the width and height of the glyph are within the bitmap size. As a result, an attacker can create an input that will cause an out-of-bounds write to Grub2’s heap, leading to memory corruption and...

CVSS 7.1, AI score 7.6, EPSS 0.00088
Exploits: 0, References: 2
AstraLinux
added 2026/05/20 5:53 a.m., 7 views

Astra Linux - vulnerability in tomcat9

Apache Tomcat contains an improper neutralization of escape, meta, or control sequences vulnerability. For a subset of uncommon rewrite rule configurations, it was possible for a specially crafted request to bypass certain rewrite rules. If these rewrite rules effectively enforced...

CVSS 9.8, AI score 7, EPSS 0.00341
Exploits: 1, References: 2
AstraLinux
added 2026/05/20 5:53 a.m., 2 views

Astra Linux - vulnerability in python-django

An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. The striptags method and the striptags template filter are vulnerable to a potential denial-of-service attack due to certain inputs containing large sequences of nested incomplete HTML entities...

CVSS 7.5, AI score 6.8, EPSS 0.01038
Exploits: 0, References: 2
AstraLinux
added 2026/05/20 5:53 a.m., 2 views

Astra Linux - vulnerability in util-linux

The wall function in util-linux up to version 2.40 is often installed with setgid and tty permissions. This allows escape sequences to be sent to other users’ terminals via argv. Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocke...

CVSS 3.3, AI score 6.8, EPSS 0.10933
Exploits: 3, References: 2
AstraLinux
added 2026/05/20 5:53 a.m., 4 views

Astra Linux - vulnerability in linux-5.10

In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs: fixed the issue of parameter context leaks during the damonsysfsnewtestctx function failure. The patch series “mm/damon/sysfs: fixed memory leaks and NULL pointer dereferencing issues”, version 4. DAMONSYSFS may...

CVSS 5.5, AI score 5.7, EPSS 0.00015
Exploits: 0, References: 1
CERT
added 2026/05/20 12:0 a.m., 7 views

Local privilege escalation in Linux Kernel (Dirty Frag)

Overview: A privilege escalation vulnerability, nicknamed "Dirty Frag," has been discovered in the Linux kernel versions 4.10 and later. This vulnerability is a result of chaining together two previously discovered vulnerabilities, xfrm-ESP Page-Cache Write CVE-2026-43284 and the RxRPC Page-Cache...

CVSS 8.8, AI score 6.1, EPSS 0.33658
Exploits: 32, References: 4
Tenable Nessus
added 2026/05/20 12:0 a.m., 4 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021615)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021615 advisory. In the Linux kernel, the following vulnerability has been resolved: net: stmmac: TSO: Fix unbalanced DMA map/unmap for non-paged SKB data In case the non-paged data...

CVSS 5.5, AI score 6, EPSS 0.00016
Exploits: 0, References: 3
RedHat Linux
added 2026/05/19 10:12 p.m., 16 views

python-markdown: denial of service via malformed HTML-like sequences

A flaw was found in Python-Markdown. Parsing crafted markdown content containing malformed HTML-like sequences causes html.parser.HTMLParser to raise an unhandled AssertionError. This unhandled exception allows an attacker to cause an application crash and potentially disclose sensitive informati...

CVSS 7.5, AI score 7.2, EPSS 0.00385
Exploits: 1, References: 7
RedHat Linux
added 2026/05/19 10:12 p.m., 21 views

Important: Red Hat Security Advisory: python-markdown security update

An update for python-markdown is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabilit...

CVSS 7.5, AI score 7.2, EPSS 0.00385
Exploits: 1, References: 2